Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[INFRA] Reviewing Dependabot updates is time consuming - Find alternatives #668

Open
tbouffard opened this issue Sep 6, 2022 · 1 comment
Open

[INFRA] Reviewing Dependabot updates is time consuming - Find alternatives #668

tbouffard opened this issue Sep 6, 2022 · 1 comment
Labels
chore Build, CI/CD or repository tasks (issues/PR maintenance, environments, ...)

Comments

@tbouffard
Copy link
Member

tbouffard commented Sep 6, 2022
edited
Loading

This project declares a lot of dependencies (most of them are dev dependencies), reviewing PR created by Dependabot takes too much time.
For instance today, here is the list of PR dependabot would like to create (we allow Dependabot to open 2 PR at a given time).
The preview is not deployed on dependabot PR, so manual tests must be done.

updater | +----------------------------------------------------------------------+
updater | |                 Changes to Dependabot Pull Requests                  |
updater | +---------+------------------------------------------------------------+
updater | | created | gatsby ( from 4.21.1 to 4.22.0 )                           |
updater | | created | gatsby-plugin-manifest ( from 4.21.0 to 4.22.0 )           |
updater | | created | gatsby-transformer-remark ( from 5.21.0 to 5.22.0 )        |
updater | | created | gatsby-plugin-typescript ( from 4.21.0 to 4.22.0 )         |
updater | | created | @emotion/react ( from 11.10.0 to 11.10.4 )                 |
updater | | created | @typescript-eslint/eslint-plugin ( from 5.36.0 to 5.36.1 ) |
updater | | created | @typescript-eslint/parser ( from 5.36.0 to 5.36.1 )        |
updater | | created | @emotion/styled ( from 11.10.0 to 11.10.4 )                |
updater | | created | @fortawesome/fontawesome-svg-core ( from 6.1.2 to 6.2.0 )  |
updater | | created | gatsby-plugin-sitemap ( from 5.21.0 to 5.22.0 )            |
updater | | created | @mui/material ( from 5.10.1 to 5.10.3 )                    |
updater | | created | gatsby-remark-responsive-iframe ( from 5.21.0 to 5.22.0 )  |
updater | | created | @fortawesome/free-solid-svg-icons ( from 6.1.2 to 6.2.0 )  |
updater | | created | @fortawesome/free-brands-svg-icons ( from 6.1.2 to 6.2.0 ) |
updater | | created | gatsby-plugin-google-gtag ( from 4.21.0 to 4.22.0 )        |
updater | | created | gatsby-plugin-mdx ( from 3.20.0 to 4.1.0 )                 |
updater | | created | @mui/icons-material ( from 5.8.4 to 5.10.3 )               |
updater | | created | gatsby-plugin-styled-components ( from 5.21.0 to 5.22.0 )  |
updater | | created | @types/react ( from 18.0.17 to 18.0.18 )                   |
updater | +---------+------------------------------------------------------------+

Proposal

Use tool like Renovate that are able to update several dependencies at the same time.
Notice that dependabot recently introduced a way to group dependency update: github.blog/changelog/2023-06-30-grouped-version-updates-for-dependabot-public-beta
See also
@tbouffard tbouffard added the chore Build, CI/CD or repository tasks (issues/PR maintenance, environments, ...) label Sep 6, 2022
@csouchet
Copy link
Member

Let's try to use it 😉

@tbouffard tbouffard mentioned this issue Feb 7, 2023
Closed
@csouchet csouchet mentioned this issue May 11, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
chore Build, CI/CD or repository tasks (issues/PR maintenance, environments, ...)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@csouchet @tbouffard